CN116456023A - Terminal anti-theft method and terminal equipment - Google Patents

Terminal anti-theft method and terminal equipment Download PDF

Info

Publication number
CN116456023A
CN116456023A CN202210022827.7A CN202210022827A CN116456023A CN 116456023 A CN116456023 A CN 116456023A CN 202210022827 A CN202210022827 A CN 202210022827A CN 116456023 A CN116456023 A CN 116456023A
Authority
CN
China
Prior art keywords
terminal equipment
theft
account
terminal
mobile phone
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210022827.7A
Other languages
Chinese (zh)
Inventor
殷高生
李任鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Honor Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Honor Device Co Ltd filed Critical Honor Device Co Ltd
Priority to CN202210022827.7A priority Critical patent/CN116456023A/en
Priority to EP23737072.1A priority patent/EP4290844A4/en
Priority to PCT/CN2023/070550 priority patent/WO2023131209A1/en
Priority to US18/282,150 priority patent/US20240054208A1/en
Publication of CN116456023A publication Critical patent/CN116456023A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72463User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88Detecting or preventing theft or loss
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/66Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
    • H04M1/667Preventing unauthorised calls from a telephone set
    • H04M1/67Preventing unauthorised calls from a telephone set by electronic means

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Human Computer Interaction (AREA)
  • Mathematical Physics (AREA)
  • Telephone Function (AREA)

Abstract

The terminal anti-theft method and the terminal equipment can be used for carrying out identity verification when the terminal equipment is in a starting-up running state, and enter a locking state if a verification result is verification failure, so that a user cannot normally use the terminal equipment, and a certain anti-theft effect is achieved. The method comprises the following steps: if the terminal equipment is in a starting-up running state, the terminal equipment reads an anti-theft identifier, and the anti-theft identifier is stored in a safe storage chip; when the anti-theft identification indicates that the terminal equipment is in a lost state, the terminal equipment reads a first account number from the secure storage chip, wherein the first account number is an account number associated with the terminal equipment; the terminal equipment acquires a second account, wherein the second account is the account currently logged in by the terminal equipment; the terminal equipment determines whether the first account number is consistent with the second account number; if the first account number is inconsistent with the second account number, the terminal device displays a first interface, and the first interface indicates that the terminal device is locked.

Description

Terminal anti-theft method and terminal equipment
Technical Field
The application relates to the technical field of terminals, in particular to a terminal anti-theft method and terminal equipment.
Background
With the continuous development of technology, terminal devices (e.g., mobile phones, tablets, etc.) play an increasing role in people's life. But in daily life, the event of loss or theft of the terminal equipment occurs at times. When the terminal equipment is lost or stolen, a pick-up or a thief can perform operations such as machine brushing and the like on the terminal equipment to unlock the terminal equipment, so as to prevent a owner from retrieving the terminal equipment. Furthermore, the thief can steal the privacy information of the owner, so that the privacy of the owner is revealed.
Currently, a terminal manufacturer may set a factory restoration protection (factory reset protection, FRP) lock or an activation lock (activation lock) at the boot stage of the terminal, and verify the identity of the user through the FRP lock or the activation lock. Once the identity verification fails, the terminal cannot be activated to prevent illegal machine-brushing operation, so that the anti-theft purpose is achieved. However, the means of brushing the phone are endless, some of them can bypass the boot guide stage and thus bypass the authentication, and others of them can erase or tamper with the anti-theft identification stored in the terminal, thus allowing the illegal person to pass the authentication.
Therefore, the existing anti-theft method has the problem of poor anti-theft effect.
Disclosure of Invention
The application provides a terminal anti-theft method and terminal equipment, which are used for carrying out identity verification when the terminal equipment is possibly lost, and locking the terminal equipment when the identity verification is not passed, so that a user cannot normally use the terminal equipment, and the anti-theft coefficient of the terminal equipment is improved.
In order to achieve the above purpose, the present application adopts the following technical scheme:
in a first aspect, the present application provides a terminal anti-theft method, applied to a terminal device, where the terminal device includes a secure memory chip, the method includes: if the terminal equipment is in a starting-up running state, the terminal equipment reads an anti-theft identifier, and the anti-theft identifier is stored in a safety storage chip; when the anti-theft identification indicates that the terminal equipment is in a lost state, the terminal equipment reads a first account number from the secure storage chip, wherein the first account number is an account number associated with the terminal equipment; the terminal equipment acquires a second account, wherein the second account is the account currently logged in by the terminal equipment; the terminal equipment determines whether the first account number is consistent with the second account number; if the first account number is inconsistent with the second account number, the terminal device displays a first interface, and the first interface indicates that the terminal device is locked.
It can be seen that the terminal device can store the anti-theft identification in the secure memory chip, and even if the terminal device is refreshed, the anti-theft identification is not erased. Therefore, the terminal equipment can always read the anti-theft identification in the starting-up running state, and the identity verification is carried out through the first account and the second account when the anti-theft identification indicates that the terminal equipment is possibly lost. Therefore, even if some terminal devices do not need to enter a startup guide stage due to some startup brushing means, the terminal devices can perform identity verification after startup, and if the verification result is that the verification is failed (i.e. the first account is inconsistent with the second account), the terminal devices enter a locking state, so that users cannot normally use the terminal devices, and the terminal devices have a certain antitheft effect.
In an alternative embodiment, the terminal device reads the anti-theft identifier, including: and responding to the operation of modifying the screen locking password by the user, and reading the anti-theft identification by the terminal equipment. It will be appreciated that it is contemplated that most users will set the lock screen code on the new device, and that the user will typically rarely modify the lock screen code. Therefore, when the user is detected to modify the screen locking password, the user using the terminal equipment can be considered to have a change, and the terminal equipment is verified to be in a lost state or not at the moment, so that the verification purpose can be achieved, and unnecessary verification can be reduced.
In an alternative embodiment, the terminal device reads the anti-theft identifier, including: the terminal equipment reads the anti-theft identification according to a preset time interval. Consider that the terminal device cannot predict what the user might be doing (e.g., whether the user would modify the lock screen password). Therefore, the terminal equipment can timely read the anti-theft identification, and can timely verify whether the terminal equipment is in a lost state, and once the terminal equipment is confirmed to be in the lost state, the user identity needs to be verified, and the terminal equipment is locked when the identity verification fails, so that the anti-theft coefficient of the terminal equipment is further enhanced.
In an alternative embodiment, the method further comprises: and responding to the terminal equipment entering the startup guide, and reading the anti-theft identification by the terminal equipment. That is, the terminal device may read the anti-theft identifier after entering the boot guide, and perform authentication in the boot guide stage, so as to implement anti-theft in the boot guide stage.
In an alternative embodiment, the terminal device obtaining the second account includes: the terminal equipment acquires a login identifier; if the login identification indicates that the terminal equipment does not login the account, the terminal equipment displays a second interface; and responding to the input operation of the user on the second interface, and acquiring the second account by the terminal equipment. That is, when the terminal device does not log in the second account, the terminal device may provide the user with a second interface for logging in the second account.
In an alternative embodiment, the method further comprises: if the login identification indicates that the terminal equipment is logged in the account, the terminal equipment reads the second account. That is, in the case where the terminal device has already registered the second account, the second account may be directly read.
In an alternative embodiment, the method further comprises: and in response to receiving the operation of sliding the first interface by the user, the terminal equipment displays a third interface, wherein the third interface is used for inputting the password matched with the first account number by the user. That is, after the terminal device enters the locked state, the user may cause the terminal device to display the third interface by sliding the first interface, and perform an unlocking (activating) operation through the third interface.
In an alternative embodiment, the method further comprises: if the first account is consistent with the second account, the terminal equipment resets the anti-theft identification. It will be appreciated that if the first account number is consistent with the second account number, the user using the terminal device may be considered unchanged, the terminal device is not lost, and thus the terminal device may reset the anti-theft identifier.
In an optional embodiment, the anti-theft identifier includes a first identifier and a second identifier, where the first identifier is used to indicate whether the terminal device starts a first function, the first function is a function that the terminal device uploads positioning information to the cloud server in real time, and the second identifier is used to indicate whether the terminal device is lost; if the first identifier indicates that the terminal equipment has started the first function, the terminal equipment is in a lost state; or if the first identifier indicates that the terminal equipment has started the first function and the second identifier indicates that the terminal equipment is lost, the terminal equipment is in a lost state.
In a second aspect, embodiments of the present application provide a terminal device comprising a secure memory chip and a processor, the processor and memory coupled, the memory storing program instructions that when executed by the processor cause the terminal device to implement the method of any one of the first aspects.
In a third aspect, embodiments of the present application provide a computer-readable storage medium comprising computer instructions; the computer instructions, when run on the terminal device, cause the terminal device to perform the method of any of the first aspects.
In a fourth aspect, the present application provides a chip system comprising one or more interface circuits and one or more processors. The interface circuit and the processor are interconnected by a wire. The chip system can be applied to a terminal device comprising a communication module and a memory. The interface circuit may read instructions stored in a memory in the terminal device and send the instructions to the processor. The instructions, when executed by a processor, may cause a terminal device to perform the method of any of the first aspects.
In a fifth aspect, the present application provides a computer program product for, when run on a terminal device, causing the terminal device to perform the method according to any one of the first aspects.
It will be appreciated that the terminal device according to the second aspect, the computer storage medium according to the third aspect, the chip system according to the fourth aspect, and the computer program product according to the fifth aspect are all configured to perform the corresponding methods provided above, and therefore, the advantages achieved by the method are referred to the advantages in the corresponding methods provided above, and will not be repeated herein.
Drawings
FIG. 1 is a diagram of a user interface provided herein;
fig. 2 is a system architecture diagram of a terminal device provided in the present application;
fig. 3 is a schematic structural diagram of a terminal device provided in the present application;
FIG. 4 is an interaction scenario diagram provided herein;
FIGS. 5A-5D are a set of user interface diagrams provided herein;
FIGS. 6A-6B are a set of user interface diagrams provided herein;
fig. 7 is a flowchart of a terminal anti-theft method provided in the present application;
8A-8B are a set of user interface diagrams provided herein;
fig. 9 is a flowchart of a terminal anti-theft method provided in the present application;
FIGS. 10A-10C are a set of user interface diagrams provided herein;
fig. 11 is a flowchart of a terminal anti-theft method provided in the present application.
Detailed Description
The terms "first" and "second" are used below for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the present embodiment, unless otherwise specified, the meaning of "plurality" is two or more.
For clarity and conciseness in the description of the embodiments below and for ease of understanding to those skilled in the art, a brief introduction to related concepts or technologies is first presented.
Rich execution environments (rich execution environment, REEs), which may also be referred to as normal execution environments. The REEs generally refer to running environments without specific security functions, such as Android (Android), IOS operating systems. Note that, the REEs may be referred to as "untrusted execution environments", "normal execution environments", "unsafe execution environments", and so on, in addition to the "rich execution environments", which are not limited by the embodiments of the present application.
The trusted execution environment (trusted execution environment, TEE), the TEE is an operation environment coexisting with the REEs in the intelligent terminal, and the TEE is isolated from the REEs through the support of hardware, has security capability and can resist software attacks easily suffered by the conventional REEs. The TEE has its own running space, and defines strict protection measures, so that the TEE has a higher security level than the REEs, and can protect assets (assets) in the TEE, such as data, software and the like, from software attacks and resist specific types of security threats. A client application (client application, CA) may be running in the TEE.
A trusted application (trusted application, TA), which is an application running in the TEE, is capable of providing security services for CAs running outside the TEE, such as entering passwords, generating transaction signatures, face recognition, etc.
CA generally refers to an application running in the REE, but in the case where some TAs call TAs, the TA that actively initiates the call may also act as CA. The CA may make a call to the TA through a Client (Client) application programming interface (application programming interface, API) and instruct the TA to perform the corresponding security operation.
The secure memory chip is a hardware unit having an independent processor and hardware attack prevention capability, is capable of providing a secure operating environment for applications running therein, and is capable of ensuring the security and confidentiality of assets stored therein. Therefore, some important sensitive data such as a screen locking password, a face template encryption key, a fingerprint template encryption key and the like are selectively stored in the safe memory chip.
System on chip (SoC). An SoC is an integrated circuit with a dedicated target that contains the complete system and has the entire contents of embedded software. The SoC may integrate with a central processor (central processing unit, CPU), graphics processor (graphics processing unit, GPU), etc. of the terminal device.
After the terminal equipment is refreshed or factory setting is restored, the terminal equipment can directly enter a startup guide when restarting. Boot-up guidance is understood as a process in which a terminal device guides a user to set system-related parameters (e.g., a common language, an input method, a network, etc.) according to own usage habits. Currently, in order to improve the anti-theft coefficient of a terminal device, a terminal manufacturer can set an FRP lock or an activation lock in a boot guide of the terminal device, and verify the identity of a user through the FRP lock or the activation lock. If the authentication fails, the terminal device cannot be started normally, so as to prevent the operation of illegally reinstalling the operating system (commonly called "brushing machine").
Specifically, the terminal device is restarted under the condition of being refreshed or restoring factory settings, can enter a startup guide, and can read the anti-theft identification. The anti-theft identifier can be used for indicating the state of the terminal. The states in which the terminal device is placed may include two types, a lost state (e.g., antitheft flag of 1) and a normal state (e.g., antitheft flag of 0), respectively. If the anti-theft identification indicates that the terminal equipment is in a lost state, the terminal equipment can trigger an activation lock to guide a user to input account information so as to verify the identity of the user. For example, the terminal device may display an activation interface 101 as shown in fig. 1. The activation interface 101 includes a prompt 102, an input box 103, and an activation option 104. The prompt 102 is used to prompt the device that it has been associated with another account (e.g., glowing account 123. 1234) and is locked by the activation lock, requesting the user to enter the corresponding account information to activate the device. The input box 103 is used for inputting account information by the user. The account information may include an account number and a corresponding password. After the user inputs account information via the input box 103, the user may click on the activation option 104. The terminal device may receive an operation of clicking the activation option 104 by the user, and in response to the operation, the terminal device verifies whether the account information input by the user matches the preset account information. If the account information input by the user is matched with the preset account information, a successful verification result can be obtained, and the terminal equipment is successfully activated and can be started normally. If the secret account information input by the user is not matched with the preset account information, a verification failure result is obtained, and the terminal equipment fails to activate and can not be started normally.
However, the means of brushing the terminal device is endless, and some means of brushing the terminal device can make the terminal device directly start without entering a startup guide stage after being brushed, thereby bypassing the authentication. Some of the means for refreshing can erase or tamper with the anti-theft identification stored in the terminal device. For example, the parameter of the anti-theft identification may be changed to indicate that the terminal device is in a normal state. Under the condition, the terminal equipment does not need to activate the FRP lock or the lock after entering the boot guide, and can bypass the authentication, so that the anti-theft effect can not be achieved.
Therefore, the prior art has the problem of poor anti-theft effect.
Therefore, the first account and the anti-theft identification are stored in the secure memory chip, the risk that the terminal equipment does not perform identity verification due to tampering or erasure of the first account and the anti-theft identification can be reduced, and the anti-theft coefficient of the terminal equipment is further improved. The first account is an account that the terminal device has logged in (which can be understood as a login account of an original user of the terminal device). The anti-theft identifier includes a service identifier (may also be referred to as a first identifier) for indicating whether the terminal device turns on the function of the search device (may also be referred to as a first function), and a lost identifier (may also be referred to as a second identifier) for indicating whether the terminal device is in a lost mode. After the function of searching the equipment is started, the terminal equipment can quickly locate the lost equipment to obtain the locating information, set the lost mode, and upload the locating information to the cloud server in real time.
In addition, the terminal device can also read the anti-theft identification from the secure memory chip, and read the first account number from the secure memory chip when the anti-theft identification is determined to indicate that the terminal device is likely to be lost. The terminal device may verify whether the second account number is consistent with the first account number. The second account is the account currently logged in by the terminal device (which can be understood as the login account of the current user of the terminal device). If the first account is inconsistent with the second account, the terminal equipment enters a locking state, and the current user is restricted from continuously using the terminal equipment. Therefore, the terminal equipment can read the anti-theft identification and perform identity verification during starting operation, so that the terminal equipment can be normally used after the identity verification is successful even if the terminal equipment is refreshed, and the anti-theft coefficient of the terminal equipment is further improved.
The terminal anti-theft method in the embodiment of the application can be applied to a system architecture shown in fig. 2. As shown in fig. 2, the system may include a re, a TEE, a secure memory chip, and a SoC. The REE can be respectively communicated with the TEE and the SoC, and the TEE and the secure memory chip can be mutually communicated. The security memory chip can be used for storing sensitive data such as a first account number, an anti-theft identifier, a screen locking password and the like. The REE may have a first CA deployed therein and the TEE may have a first TA deployed therein. The first CA may send a request to the first TA to read sensitive data such as the first account number, the anti-theft identification, the screen locking password, etc. The first TA may receive the request, read the corresponding data from the secure memory chip, and feed back to the first CA.
It should be noted that, in the embodiment of the present application, the system may further include more TEEs, for example, the TEE in fig. 2 is used as a first TEE, and a Virtual Machine (VM) virtualized by a hypervisor (also called a virtual machine monitor (virtual machine monitor, VMM)) is used as a second TEE.
The terminal device involved in the embodiment of the present application may be any terminal device supporting the system architecture shown in fig. 2. For example, the terminal device may be a mobile phone, a tablet computer, a desktop computer, a handheld computer, a notebook computer (laptop), an ultra-mobile personal computer (ultra-mobile personal computer, UMPC), a netbook, a personal digital assistant (personal digital assistant, PDA), an augmented reality (augmented reality, AR) \virtual reality (VR) device, or the like, and the specific form of the terminal device is not particularly limited in the embodiments of the present application.
The following describes a schematic structure of a terminal device applied in the implementation of the present application, taking the terminal device as an example of a mobile phone. Referring to fig. 3, the mobile phone 200 may include: processor 210, external memory interface 220, internal memory 221, universal serial bus (universal serial bus, USB) interface 230, charge management module 240, power management module 241, battery 242, antenna 1, antenna 2, mobile communication module 250, wireless communication module 260, audio module 270, speaker 270A, receiver 270B, microphone 270C, headset interface 270D, sensor module 280, keys 290, motor 291, indicator 292, camera 293, display 294, and subscriber identity module (subscriber identification module, SIM) card interface 295, among others.
The sensor module 280 may include pressure sensors, gyroscope sensors, barometric pressure sensors, magnetic sensors, acceleration sensors, distance sensors, proximity sensors, fingerprint sensors, temperature sensors, touch sensors, ambient light sensors, bone conduction sensors, and the like.
It should be understood that the structure illustrated in this embodiment is not limited to the specific configuration of the mobile phone 200. In other embodiments, the handset 200 may include more or fewer components than shown, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Processor 210 may include one or more processing units such as, for example: the processor 210 may include an application processor (application processor, AP), a modem processor, a graphics processor (graphics processing unit, GPU), an image signal processor (image signal processor, ISP), a controller, a memory, a video codec, a digital signal processor (digital signal processor, DSP), a baseband processor, and/or a neural network processor (neural-network processing unit, NPU), etc. Wherein the different processing units may be separate devices or may be integrated in one or more processors.
The controller may be a neural hub and command center of the cell phone 200. The controller can generate operation control signals according to the instruction operation codes and the time sequence signals to finish the control of instruction fetching and instruction execution.
A memory may also be provided in the processor 210 for storing instructions and data. In some embodiments, the memory in the processor 210 is a cache memory. The memory may hold instructions or data that the processor 210 has just used or recycled. If the processor 210 needs to reuse the instruction or data, it may be called directly from the memory. Repeated accesses are avoided and the latency of the processor 210 is reduced, thereby improving the efficiency of the system.
In some embodiments, processor 210 may include one or more interfaces. The interfaces may include an integrated circuit (inter-integrated circuit, I2C) interface, an integrated circuit built-in audio (inter-integrated circuit sound, I2S) interface, a pulse code modulation (pulse code modulation, PCM) interface, a universal asynchronous receiver transmitter (universal asynchronous receiver/transmitter, UART) interface, a mobile industry processor interface (mobile industry processor interface, MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (subscriber identity module, SIM) interface, and/or a universal serial bus (universal serial bus, USB) interface, among others.
It should be understood that the connection relationship between the modules illustrated in this embodiment is only illustrative, and is not limited to the structure of the mobile phone 200. In other embodiments, the mobile phone 200 may also use different interfacing manners, or a combination of multiple interfacing manners in the above embodiments.
The charge management module 240 is configured to receive a charge input from a charger. The charger can be a wireless charger or a wired charger. The charging management module 240 may also supply power to the terminal device through the power management module 241 while charging the battery 242.
The power management module 241 is used for connecting the battery 242, and the charge management module 240 and the processor 210. The power management module 241 receives input from the battery 242 and/or the charge management module 240 and provides power to the processor 210, the internal memory 221, the external memory, the display 294, the camera 293, the wireless communication module 260, and the like. In some embodiments, the power management module 241 and the charge management module 240 may also be provided in the same device.
The wireless communication function of the mobile phone 200 may be implemented by the antenna 1, the antenna 2, the mobile communication module 250, the wireless communication module 260, a modem processor, a baseband processor, and the like. In some embodiments, antenna 1 and mobile communication module 250 of handset 200 are coupled, and antenna 2 and wireless communication module 260 are coupled, so that handset 200 may communicate with a network and other devices through wireless communication techniques.
The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the handset 200 may be used to cover a single or multiple communication bands. Different antennas may also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed into a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
The mobile communication module 250 may provide a solution for wireless communication including 2G/3G/4G/5G, etc. applied to the handset 200. The mobile communication module 250 may include at least one filter, switch, power amplifier, low noise amplifier (low noise amplifier, LNA), etc. The mobile communication module 250 may receive electromagnetic waves from the antenna 1, perform processes such as filtering, amplifying, and the like on the received electromagnetic waves, and transmit the processed electromagnetic waves to the modem processor for demodulation.
The mobile communication module 250 can amplify the signal modulated by the modem processor, and convert the signal into electromagnetic waves through the antenna 1 to radiate. In some embodiments, at least some of the functional modules of the mobile communication module 250 may be disposed in the processor 210. In some embodiments, at least some of the functional modules of the mobile communication module 250 may be provided in the same device as at least some of the modules of the processor 210.
The wireless communication module 260 may provide solutions for wireless communication including WLAN (e.g., (wireless fidelity, wi-Fi) network), bluetooth (BT), global navigation satellite system (global navigation satellite system, GNSS), frequency modulation (frequency modulation, FM), near field wireless communication technology (near field communication, NFC), infrared technology (IR), etc. applied on the handset 200.
The wireless communication module 260 may be one or more devices that integrate at least one communication processing module. The wireless communication module 260 receives electromagnetic waves via the antenna 2, modulates the electromagnetic wave signals, filters the electromagnetic wave signals, and transmits the processed signals to the processor 210. The wireless communication module 260 may also receive a signal to be transmitted from the processor 210, frequency modulate it, amplify it, and convert it to electromagnetic waves for radiation via the antenna 2.
The cell phone 200 implements display functions through a GPU, a display 294, an application processor, and the like. The GPU is a microprocessor for image processing, and is connected to the display screen 294 and the application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. Processor 210 may include one or more GPUs that execute program instructions to generate or change display information.
The display 294 is used to display images, videos, and the like. The display 294 includes a display panel.
The mobile phone 200 may implement a photographing function through an ISP, a camera 293, a video codec, a GPU, a display 294, an application processor, and the like. The ISP is used to process the data fed back by the camera 293. The camera 293 is used to capture still images or video. In some embodiments, the cell phone 200 may include 1 or N cameras 293, N being a positive integer greater than 1.
The external memory interface 220 may be used to connect an external memory card, such as a Micro SD card, to extend the memory capabilities of the cell phone 200. The external memory card communicates with the processor 210 through an external memory interface 220 to implement data storage functions. For example, files such as music, video, etc. are stored in an external memory card.
Internal memory 221 may be used to store computer executable program code that includes instructions. The processor 210 executes various functional applications of the cellular phone 200 and data processing by executing instructions stored in the internal memory 221. For example, in an embodiment of the present application, the processor 210 may include a memory program area and a memory data area by executing instructions stored in the internal memory 221.
The storage program area may store an application program (such as a sound playing function, an image playing function, etc.) required for at least one function of the operating system, etc. The storage data area may store data (e.g., audio data, phonebook, etc.) created during use of the handset 200, etc. In addition, the internal memory 221 may include a high-speed random access memory, and may further include a nonvolatile memory such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (universal flash storage, UFS), and the like.
The handset 200 may implement audio functions through an audio module 270, a speaker 270A, a receiver 270B, a microphone 270C, an earphone interface 270D, an application processor, and the like. Such as music playing, recording, etc.
Keys 290 include a power on key, a volume key, etc. The keys 290 may be mechanical keys. Or may be a touch key. The motor 291 may generate a vibration alert. The motor 291 may be used for incoming call vibration alerting or for touch vibration feedback. The indicator 292 may be an indicator light, which may be used to indicate a state of charge, a change in power, a message indicating a missed call, a notification, etc. The SIM card interface 295 is for interfacing with a SIM card. The SIM card may be inserted into the SIM card interface 295 or removed from the SIM card interface 295 to allow contact and separation from the handset 200. The handset 200 may support 1 or N SIM card interfaces, N being a positive integer greater than 1. The SIM card interface 295 may support Nano SIM cards, micro SIM cards, and the like.
Next, taking a scenario that the mobile phone 1 is searched for by the mobile phone 2 after the mobile phone 1 of yoyo (the mobile phone 1 has started the function of searching for the device) is lost as an example, the terminal anti-theft method provided by the application will be described in detail. As shown in fig. 4, the mobile phone 1 and the mobile phone 2 are respectively connected with the cloud server in a communication manner.
yoyo can pre-start the function of the search device of the mobile phone 1. After the function of searching the equipment is started, the mobile phone can rapidly locate the lost equipment, play the bell on the equipment, and set a lost mode and erase data so as to avoid privacy disclosure of a user. In addition, the mobile phone can acquire the state and position information of the mobile phone so as to position the mobile phone. Illustratively, yoyo may turn on the find device function of the handset 1 through the interfaces shown in fig. 5A-5D. As shown in fig. 5A (a), the handset 1 may display a main interface 501 (or desktop), and the main interface 501 may include setting options 502. The mobile phone 1 may receive a click operation of the setting option 502 by the user, and in response to this operation, the mobile phone 1 may display a setting interface 503 as shown in (b) in fig. 5A. The settings interface 503 may include a number of settings options such as WLAN, bluetooth, battery and security 504, etc. The handset 1 may receive a click operation of the security 504 option by the user, and in response to this operation, the handset 1 may display an interface 505 as shown in (a) of fig. 5B. The interface 505 may include a number of setup options regarding device security, such as a lookup device 506, SOS emergency help, password safe, etc. If the user wishes to turn on the find device function, he can click on the option of the find device 506, and in response to this operation, the handset 1 can display an interface 507 as shown in fig. 5B (B). Interface 507 may include relevant instructions regarding finding device functionality, as well as an option to immediately turn on 508. The mobile phone 1 may receive an operation in which the user clicks on the option of the immediate on 508, and in response to this operation, the mobile phone 1 may display a login interface 601 as shown in (a) in fig. 5C. The login interface 601 includes an information input area 602 and login options 603. As shown in fig. 5C (b), after the user inputs the login account (i.e., the first account, for example, the mobile phone number "135" 1234 ") and the authentication code (for example," 6512 ") in the information input area 602, the user clicks the login option 603. After receiving the operation that the user clicks the login option 603, the mobile phone 1 may send the mobile phone number and the verification code to the cloud server, and the cloud server verifies the mobile phone number and the verification code. After the cloud server is successfully verified, a message of successful verification can be sent to the mobile phone 1. The mobile phone 1 receives the message and displays a search device interface 701 as shown in (a) of fig. 5D. The find device interface 701 may include status prompt information 702 and find my phone option 703. The status hint information 702 is used to indicate whether the find device function is turned on. For example, the status prompt 702 as shown in (a) in fig. 5D indicates that the mobile phone 1 does not turn on the function of the search device. If the user wishes to turn on the find device function, he clicks on the find my phone option 703. After the handset detects this operation, the handset 1 can be located and a map 704 identifying the specific location of the handset 1 can be displayed in the search device interface 701 (as shown in (b) of fig. 5D). It should be noted that, if the mobile phone 1 has already logged in to the first account, when the mobile phone 1 receives the operation of clicking the immediate opening 508 by the user, the login process shown in fig. 5C may be skipped, and the search device interface 701 shown in fig. 5D may be directly displayed.
After the mobile phone 1 starts the function of the search device, the service identifier may be set to a state of identifying that the function of the search device has been started. In one possible design, the service identifier may be 0 or 1, where a service identifier of 0 indicates that the device does not start the function of looking up the device, and a service identifier of 1 indicates that the device has started the function of looking up the device. Thus, after the mobile phone 1 starts the function of searching the device, the service identifier may be set to 1, and a request for storing the service identifier and the first account may be sent to the first TA. The first TA may receive the request and write the service identifier and the first account number to the secure storage chip, where the secure storage chip stores the service identifier and the first account number.
After the function of the searching device is started, the mobile phone 1 can also acquire the positioning information of the mobile phone and upload the positioning information to the cloud server. The cloud server can receive the positioning information and establish a binding relationship among the mobile phone 1, the positioning information and the first account. The establishment of the binding relationship between the mobile phone 1, the positioning information and the first account may mean that the cloud server may find the positioning information of the mobile phone 1 through the first account.
After yoyo confirms that the mobile phone 1 is lost, a first account can be logged in the mobile phone 2, and the state of the mobile phone 1 is set to be in a lost mode. Illustratively, as shown in (a) of fig. 6A, after the handset 2 of yoyo logs in to the first account, the handset 2 may display a lookup device interface 801. The find device interface 801 includes the option to view all devices 802. If the user wishes to view all devices associated with the first account, he may click to view all devices 802. After the mobile phone 2 detects that the user clicks to view all the devices 802, a device list 803 may be displayed in the find device interface 801 (as shown in (b) of fig. 6A). The device list 803 may display device information of all devices (e.g., mobile phone 1 and mobile phone 2 of yoyoyo) bound by the first account, where the device information may include a device name (e.g., mobile phone 1 of yoyoyo), a device model number (e.g., honor logic 3 Pro), location information (e.g., a science and technology building), and the like. The user may select a device to be controlled (for example, a cellular phone 1 of yoyo) from among all devices included in the device list 803, and in response to an operation of the cellular phone 1 of yoyo selected by the user, the cellular phone 2 may display a control bar 804 as shown in (a) in fig. 6B on the find device interface 801. The control bar 804 may display a specific location of the mobile phone 1 (e.g., 1 street technology building in urban high-new area a in the province of Sichuan), a power situation, a plurality of control options available for controlling the mobile phone 1, etc. Among other control options, the plurality of control options may include a lost pattern 805, play ring tones, navigate, erase data, and so forth. The user may click on the operation of the lost mode 805, and in response thereto, as shown in (B) of fig. 6B, the mobile phone 2 may display an interface 806. Interface 806 includes an explanation about the missing pattern. Illustratively, after the lost mode is turned on, the user can remotely lock and track the lost device (e.g., handset 1) and leave a message on the lock screen interface of the lost device to allow the pick to contact the owner. In addition, interface 806 also includes a continue option 807. The handset 2 may receive an operation of the user clicking on the continue option 807, in response to which the handset 2 may display a setup lock screen information interface 808 (as shown in (c) of fig. 6B). The lock screen information interface 808 is used to set information, such as a mobile phone number, a message, etc., displayed on the lock screen interface of the mobile phone 1 after the mobile phone enters the lost mode. The lock screen information interface 808 may include a confirmation option 809 that the user may click upon after completing the setup. After detecting that the user clicks on the confirmation option 809, the handset 2 may send a request to the cloud server to set the handset 1 to the lost mode. And the cloud server receives the request and sends a state change message to the mobile phone 1 according to the first account. The mobile phone 1 receives the status change message and sets the loss setting flag to a status that indicates that the loss mode has been turned on. In one possible design, the set-loss flag may be 0 or 1, and if the set-loss flag is 0, it indicates that the device has not entered the set-loss mode, and if the set-loss flag is 1, it indicates that the device has entered the set-loss mode. Thus, after receiving the status change message, the mobile phone 1 can set the loss setting identifier to 1, write the loss setting identifier into the secure memory chip, and store the loss setting identifier by the secure memory chip.
It can be appreciated that, as a hardware unit with an independent processor and capability of preventing hardware attack, a normal operation of brushing or restoring factory settings cannot tamper with or erase data stored in the secure memory chip. Therefore, the first account, the service identifier and the lost identifier are stored through the secure memory chip, and illegal persons can be prevented from tampering or erasing the first account and the anti-theft identifier.
In the embodiment of the application, in order to strengthen the anti-theft coefficient of the terminal device, after the mobile phone 1 enters the lost mode, the anti-theft can be performed from two stages. The two phases include: a startup guide stage and a normal startup operation stage. Hereinafter, how the handset 1 is antitheft during the boot-up guide phase and the normal boot-up operation phase will be described.
(1) In the boot-strap phase.
As shown in fig. 7, the anti-theft process of the mobile phone 1 in the boot guide stage is shown. The process comprises the following steps: after the mobile phone 1 is restored to the factory setting or is refreshed, the mobile phone 1 enters a boot guide. For example, after receiving a user's power-on operation, the mobile phone 1 may detect whether the firmware version is changed. If the firmware version changes, the mobile phone 1 is considered to be refreshed, and the boot guide is entered. After entering the boot guide, the mobile phone 1 can read the anti-theft identification. If the anti-theft identification indicates that the mobile phone 1 is not in a lost state, the mobile phone 1 can be directly and normally started to finish restoring factory settings or brushing. If the anti-theft indicator indicates that the handset 1 is in a lost state, the handset 1 may display an activate lock interface (e.g., may be interface 101 as shown in fig. 1). The mobile phone 1 can identify the input operation of the user in activating the lock interface and acquire the second account. The mobile phone 1 can read the first account number and compare whether the first account number is consistent with the second account number. If the first account is consistent with the second account, the mobile phone 1 is started normally; if the first account is inconsistent with the second account, the mobile phone 1 fails to start, and factory setting recovery or machine brushing cannot be completed.
In the startup guide stage, the mobile phone 1 can display different setting interfaces to guide the user to set the common functions. Common functions may include WIFI, contacts, login accounts, etc. After the mobile phone 1 enters the startup guide, whether the mobile phone 1 is in a lost mode can be confirmed by reading the anti-theft identification. The process of reading the anti-theft identifier by the mobile phone 1 comprises the following steps: the first CA sends a request to the first TA to read the anti-theft identification. The first TA receives the request, reads the anti-theft identification from the secure memory chip and feeds the anti-theft identification back to the first CA. The first CA may be an anti-theft CA pre-deployed in the REE, and the first TA is an anti-theft TA pre-deployed in the TEE, and by matching the first CA with the first TA, the anti-theft service of the mobile phone 1 may be implemented. It should be noted that, the principle and flow of the mobile phone 1 reading the first account number are the same as or similar to the principle and flow of the mobile phone 1 reading the anti-theft identifier, and will not be described in detail.
Further, the anti-theft identifier comprises a service identifier and a lost identifier. In an alternative design, if the service identifier is 1 and the drop identifier is 1, the mobile phone 1 may be considered to be in a lost state; if the drop flag is 0 (whether the service flag is 1 or 0), the mobile phone 1 is not considered to be in a lost state. In other words, the mobile phone 1 is considered to be in the lost state only after the user turns on the function of the search device of the mobile phone 1 and successfully sets the mobile phone 1 to the lost mode. By the method, when the original owner normally performs operations such as brushing the mobile phone 1, identity verification is not needed, so that the anti-theft effect is achieved, and bad experience brought to users by complicated operations is avoided.
In actual operation, the lost mode can be set only after the device turns on the find device function. Therefore, in the case where the theft prevention flag is not modified, in the case where the service flag is 0, the loss setting flag cannot be 1. In this case, the first CA may first send a request to the first TA to read the service identification. And under the condition that the service identifier is confirmed to be 1, sending a request for reading the lost-setting identifier to the first TA, and further confirming whether the mobile phone 1 is in a lost state according to the lost-setting identifier being 1 or 0.
After confirming that the mobile phone 1 is in a lost state, an activation interface can be displayed. In an alternative design, the handset 1 may display an activation interface 801 as shown in fig. 8A. The activation interface 801 may include an input box 802, the input box 802 for a user to enter an account number and password. For example, the touch sensor of the mobile phone 1 detects a touch operation of the user on the display screen 294, reports the touch position information of the user on the display screen 294 to the processor 210, and the processor 210 determines that the touch operation is to input the second account number and the corresponding password according to the touch position information reported by the touch sensor in the preset time period. After the mobile phone 1 obtains the second account number and the corresponding password input by the user, whether the second account number is matched with the password or not can be verified. If the second account number does not match the password, the mobile phone 1 may display a prompt message (not shown) for prompting that the password is incorrect. If the second account matches the password, the mobile phone 1 can further compare whether the first account is consistent with the second account. If the first account is consistent with the second account, the mobile phone 1 is started normally; if the first account is inconsistent with the second account, the mobile phone 1 fails to start, and factory setting recovery or machine brushing cannot be completed.
In another alternative design, the handset 1 may display an activation interface 803 as shown in fig. 8B. The activation interface 803 may include a prompt 804 and an input box 805. The prompt 804 is used to prompt the user that the device has been associated with another account number (i.e., the first account number) and is locked by the activation lock, requesting the current user to enter corresponding account information to activate the device. The input box 805 is used for a user to input a password of an associated account number (first account number). For example, after detecting the password input by the user, the mobile phone 1 may verify whether the password matches the first account. If the password is matched with the first account, the mobile phone 1 is started normally; if the password is not matched with the first account, the mobile phone 1 fails to start, and factory setting recovery or machine refreshing cannot be completed.
Thus, even if the pick-up performs a brushing operation or a factory setting restoration operation on the picked-up device, the device enters a boot guide stage after being restarted, and the identity of the user is verified by activating the lock. If the verification cannot be passed, the starting operation cannot be completed, the pick-up is prevented from normally using the mobile phone 1, and a certain anti-theft effect is achieved.
(2) In the normal start-up operation stage.
After the mobile phone 1 is started and operated normally, the mobile phone 1 can actively and/or passively start an anti-theft process. The active starting of the anti-theft process may mean that the mobile phone 1 can regularly read the anti-theft identifier to detect whether the mobile phone is in a lost state, if so, the identity of the user can be verified, and the mobile phone is locked when the identity verification fails. The passive anti-theft process may refer to that when the mobile phone 1 detects the operation of setting a password by a user, the anti-theft identifier may be read to detect whether the mobile phone is in a lost state, if so, the identity of the user may be verified, and when the identity verification fails, the mobile phone is locked.
Referring to fig. 9, a flow chart of the passive unlocking anti-theft process of the mobile phone 1 is shown. As shown in fig. 9, the mobile phone 1 may receive an operation of setting a screen locking password by a user, and in response to the operation, the mobile phone 1 may first read the anti-theft identifier. If the anti-theft identification indicates that the mobile phone 1 is not in a lost state, the mobile phone 1 can normally operate. If the anti-theft identification indicates that the mobile phone 1 is in a lost state, the mobile phone 1 can read the first account and the second account and verify whether the second account is consistent with the first account. If the first account is consistent with the second account, the mobile phone 1 operates normally; if the first account is inconsistent with the second account, the mobile phone 1 enters a locked state, and can not provide service for the user before unlocking. In an alternative embodiment, the anti-theft identifier may include a service identifier and a lost identifier, and when the service identifier and the lost identifier are both 1, the mobile phone may be considered to be in a lost state, and the mobile phone 1 reads the first account number and the second account number.
It should be noted that, if the mobile phone 1 has already logged in the account, the mobile phone 1 may directly read the second account. If the mobile phone 1 does not log in the second account, the mobile phone 1 can display a login interface for the user to log in so as to acquire the second account. The login interface is similar to the interface 601 shown in fig. 5C, and is not described herein. In an alternative design, the handset 1 may obtain the login identification. The login identification may be used to indicate whether the handset 1 is logged into an account. For example, the login identifier may be 0 or 1, where a login identifier of 1 may indicate that the mobile phone 1 has logged in to the account, and a login identifier of 0 may indicate that the mobile phone 1 has not logged in to the account.
For example, as shown in fig. 10A, the mobile phone 1 may display an interface 1001 for a lock screen password. The interface 1001 includes an option 1002 to set a lock screen password. The mobile phone 1 may receive an operation of clicking the option 1002 by the user, and in response to the operation, the mobile phone 1 may read the anti-theft identifier. If the anti-theft identification indicates that the mobile phone 1 is in a non-lost state, or the anti-theft identification indicates that the mobile phone 1 is in a lost state and the second account is consistent with the first account, the mobile phone 1 may display an interface 1003 as shown in fig. 10B, where the interface 1003 is used for a user to set a screen locking password. If the anti-theft identifier indicates that the mobile phone 1 is in a lost state and the second account is inconsistent with the first account, the mobile phone 1 may display an activation lock interface 1004 as shown in fig. 10C (a), where the activation lock interface 1004 is used to prompt the current user of the mobile phone 1 to return the mobile phone 1 to the original owner as soon as possible. The mobile phone 1 may receive an operation of the user to slide the activation lock interface 1004, and in response to the operation, the mobile phone 1 may display an interface 1005 as shown in (b) of fig. 10C. The interface 1005 is used for a user to enter a password.
It will be appreciated that, as users pay more and more attention to privacy, it is likely that the mobile phone 1 will be provided with a lock screen code, whether the original owner of the mobile phone 1 or the pick-up of the mobile phone 1. Therefore, the screen locking password is set to trigger the mobile phone 1 to verify the anti-theft identification and the user identity, and the mobile phone is locked when the identity verification fails, so that the mobile phone 1 can be prevented from being normally used by a pick-up person of the mobile phone 1 to a certain extent, and a good anti-theft effect exists.
It should be noted that, the screen locking password is only illustrated by taking a digital password as an example. In practice, the lock screen password may also include biometric information (e.g., fingerprint, face, iris, etc.), and so forth.
Please refer to fig. 11, which is a flowchart of the active anti-theft process of the mobile phone 1. As shown in fig. 11, the mobile phone 1 can periodically read the anti-theft identification. If the anti-theft identification indicates that the mobile phone 1 is not in a lost state, the mobile phone 1 can normally operate. If the anti-theft identification indicates that the mobile phone 1 is in a lost state, the mobile phone 1 can read the first account and verify whether the second account is consistent with the first account. If the first account is consistent with the second account, the mobile phone 1 operates normally; if the first account is inconsistent with the second account, the mobile phone 1 enters a locked state, and can not provide service for the user before unlocking. In an alternative embodiment, the anti-theft identifier may include a service identifier and a lost identifier, and when the service identifier and the lost identifier are both 1, the mobile phone may be considered to be in a lost state, and the mobile phone 1 reads the first account number and the second account number. If the first account is consistent with the second account, the mobile phone 1 operates normally; if the first account is inconsistent with the second account, the mobile phone 1 enters a locked state, and can not provide service for the user before unlocking.
It can be understood that, considering that some users (including the original owner of the mobile phone 1 and the pick-up of the mobile phone 1) may not set the screen locking password, the anti-theft process triggered by setting the screen locking password cannot achieve the anti-theft effect, so that the mobile phone 1 can actively and periodically read the anti-theft identifier, and once the mobile phone 1 is confirmed to be in a lost state, the identity of the user needs to be verified, and the mobile phone is locked when the identity verification fails. This in turn further enhances the antitheft coefficient of the terminal device.
Therefore, even if a pick-up person brushes the terminal equipment by a plurality of brushing means, the terminal equipment is directly started without entering a startup guide stage. The terminal device also reads the anti-theft identification after normal power-on, and verifies the user identity when the anti-theft identification indicates that the terminal device may be lost. If the verification result is that the verification fails, the terminal equipment enters a locking state, so that the user cannot normally use the terminal equipment, and the anti-theft device has a certain anti-theft effect.
It should be noted that, in the anti-theft process shown in fig. 9 and 11, when the service identifier is confirmed to be 1 and the loss setting identifier is confirmed to be 1, the mobile phone 1 may obtain the first account and the second account, and further verify whether the second account is consistent with the first account. In this case, the first CA may first send a request to the first TA to read the service identification. And under the condition that the service identifier is confirmed to be 1, sending a request for reading the lost-setting identifier to the first TA, and further confirming whether the mobile phone 1 is in a lost state according to the lost-setting identifier being 1 or 0. In addition, since this way, the mobile phone 1 can perform authentication only after the original owner turns on the function of the search device of the mobile phone 1 and places the mobile phone 1 in a lost state. In other words, when the original owner does not put the mobile phone 1 to be lost, the equipment can be used normally without identity verification. Therefore, the mode has the anti-theft effect and can avoid the bad experience brought to the user by complicated operation.
The foregoing describes that after the mobile phone 1 enters the lost mode (i.e. the service identifier is 1 and the lost identifier is 1), the identity of the user can be verified in the boot-strap stage or the normal boot-strap operation stage. In practical application, there is often a problem that the original owner of the mobile phone 1 does not set the mobile phone 1 in a lost mode in time (for example, the original owner sets the mobile phone 1 in a lost mode after the pick-up shuts down the mobile phone 1), so that the mobile phone 1 cannot update the lost identification in time, and thus the anti-theft effect cannot be achieved. Thus, in an alternative design, the handset 1 may be considered to be in a lost state when the service identity is 1 (whether or not the drop identifier is 1). For example, if in the boot guide phase, the mobile phone 1 may display the activation lock interface when confirming that the service identifier is 1, and verify the user identity. If in the normal operation stage, the mobile phone 1 can read the first account and the second account when confirming that the service identifier is 1, and further compare whether the first account and the second account are consistent. Therefore, after the function of the search device is started, the mobile phone 1 can start the anti-theft process, so that the problem that the mobile phone 1 does not have an anti-theft effect due to the fact that the original owner is not timely lost is avoided.
In another possible design, the mobile phone 1 may also display an activate lock interface to verify the user identity during the boot wizard phase when the service identification is 0. In other words, even if the mobile phone 1 does not use to start the function of searching for the device, the mobile phone 1 can start the anti-theft process in the boot guide stage, so that the anti-theft effect can be achieved to the maximum extent.
In summary, the terminal anti-theft method provided by the present application can verify whether the second account is consistent with the first account when the terminal device is lost. If the first account is inconsistent with the second account, the terminal equipment enters a locking state, and the current user is restricted from continuously using the terminal equipment. Therefore, the terminal equipment can read the anti-theft identification and perform identity verification during starting operation, so that the terminal equipment can be normally used after the identity verification is successful even if the terminal equipment is refreshed, and the anti-theft coefficient of the terminal equipment is further improved.
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to implement all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
The functional units in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application may be essentially or a part contributing to the prior art or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: flash memory, removable hard disk, read-only memory, random access memory, magnetic or optical disk, and the like.
The foregoing is merely a specific implementation of the embodiments of the present application, but the protection scope of the embodiments of the present application is not limited thereto, and any changes or substitutions within the technical scope disclosed in the embodiments of the present application should be covered by the protection scope of the embodiments of the present application. Therefore, the protection scope of the embodiments of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. A terminal anti-theft method, characterized by being applied to a terminal device, the terminal device including a secure memory chip, the method comprising:
if the terminal equipment is in a starting-up running state, the terminal equipment reads an anti-theft identifier, and the anti-theft identifier is stored in the safety storage chip;
when the anti-theft identification indicates that the terminal equipment is in a lost state, the terminal equipment reads a first account number from the secure storage chip, wherein the first account number is an account number associated with the terminal equipment;
the terminal equipment acquires a second account, wherein the second account is the account which the terminal equipment logs in currently;
the terminal equipment determines whether the first account number is consistent with the second account number;
and if the first account is inconsistent with the second account, the terminal equipment displays a first interface, and the first interface indicates that the terminal equipment is locked.
2. The terminal anti-theft method according to claim 1, wherein the terminal device reads an anti-theft identification, comprising:
and responding to the operation of modifying the screen locking password by the user, and reading the anti-theft identification by the terminal equipment.
3. The terminal anti-theft method according to claim 1, wherein the terminal device reads an anti-theft identification, comprising:
and the terminal equipment reads the anti-theft identification according to a preset time interval.
4. A terminal theft prevention method according to any one of claims 1 to 3, characterised in that the method further comprises:
and responding to the terminal equipment entering a startup guide, and reading the anti-theft identification by the terminal equipment.
5. The method for preventing theft of a terminal according to any one of claims 1 to 4, wherein the terminal device obtaining the second account number includes:
the terminal equipment acquires a login identifier;
if the login identification indicates that the terminal equipment does not login the account, the terminal equipment displays a second interface;
and responding to the input operation of the user on the second interface, and acquiring the second account by the terminal equipment.
6. The terminal theft prevention method according to claim 5, characterized in that the method further comprises:
And if the login identification indicates that the terminal equipment has logged in the account, the terminal equipment reads the second account.
7. The terminal theft prevention method according to any one of claims 1 to 6, characterized in that the method further comprises:
and in response to receiving the operation of sliding the first interface by the user, the terminal equipment displays a third interface, wherein the third interface is used for inputting the password matched with the first account number by the user.
8. The terminal theft prevention method according to any one of claims 1 to 6, characterized in that the method further comprises:
and if the first account is consistent with the second account, the terminal equipment resets the anti-theft identifier.
9. The method for preventing theft of a terminal according to any one of claims 1 to 6, wherein the anti-theft identifier includes a first identifier and a second identifier, the first identifier is used for indicating whether the terminal device starts a first function, the first function is a function of uploading positioning information to a cloud server in real time by the terminal device, and the second identifier is used for indicating whether the terminal device is lost;
if the first identifier indicates that the terminal equipment starts a first function, the terminal equipment is in a lost state;
Or if the first identifier indicates that the terminal equipment has started the first function and the second identifier indicates that the terminal equipment is lost, the terminal equipment is in a lost state.
10. A terminal device comprising a secure memory chip and a processor, the processor and memory being coupled, the memory storing program instructions that when executed by the processor cause the terminal device to implement the method of any of claims 1-9.
11. A computer-readable storage medium comprising computer instructions;
the computer instructions, when run on a terminal device, cause the terminal device to perform the method of any of claims 1-9.
CN202210022827.7A 2022-01-10 2022-01-10 Terminal anti-theft method and terminal equipment Pending CN116456023A (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN202210022827.7A CN116456023A (en) 2022-01-10 2022-01-10 Terminal anti-theft method and terminal equipment
EP23737072.1A EP4290844A4 (en) 2022-01-10 2023-01-04 Anti-theft method for terminal, and terminal device
PCT/CN2023/070550 WO2023131209A1 (en) 2022-01-10 2023-01-04 Anti-theft method for terminal, and terminal device
US18/282,150 US20240054208A1 (en) 2022-01-10 2023-01-04 Terminal anti-theft method and terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210022827.7A CN116456023A (en) 2022-01-10 2022-01-10 Terminal anti-theft method and terminal equipment

Publications (1)

Publication Number Publication Date
CN116456023A true CN116456023A (en) 2023-07-18

Family

ID=87073176

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210022827.7A Pending CN116456023A (en) 2022-01-10 2022-01-10 Terminal anti-theft method and terminal equipment

Country Status (4)

Country Link
US (1) US20240054208A1 (en)
EP (1) EP4290844A4 (en)
CN (1) CN116456023A (en)
WO (1) WO2023131209A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117177246A (en) * 2023-10-25 2023-12-05 荣耀终端有限公司 Method for locking electronic equipment, electronic equipment and server

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103577733A (en) * 2013-09-02 2014-02-12 小米科技有限责任公司 Safety protection method and device for terminal equipment and terminal equipment
CN103581404A (en) * 2012-07-20 2014-02-12 上海斐讯数据通信技术有限公司 Mobile phone with theft prevention function and mobile phone theft prevention method
CN106851623A (en) * 2017-02-14 2017-06-13 北京奇虎科技有限公司 A kind of locking means of mobile terminal, device and mobile terminal
CN107613493A (en) * 2017-08-02 2018-01-19 捷开通讯(深圳)有限公司 Intelligent terminal and its antitheft method, the device with store function
CN107734176A (en) * 2017-10-25 2018-02-23 深圳市金立通信设备有限公司 Loss guard method, terminal and the computer-readable recording medium of mobile terminal
CN110851881A (en) * 2019-10-31 2020-02-28 成都欧珀通信科技有限公司 Security detection method and device for terminal equipment, electronic equipment and storage medium
CN112334896A (en) * 2018-12-29 2021-02-05 华为技术有限公司 Unlocking method and device of terminal device and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102857913B (en) * 2011-06-28 2015-03-11 ***通信集团公司 Method and device for authenticating in safety channel establishing process as well as intelligent card and terminal
US9870490B2 (en) * 2014-02-25 2018-01-16 Samsung Electronics Co., Ltd. Apparatus and method for an antitheft secure operating system module
CN108307674B (en) * 2016-12-02 2020-06-16 华为技术有限公司 Method and equipment for guaranteeing terminal safety
WO2019061525A1 (en) * 2017-09-30 2019-04-04 深圳传音通讯有限公司 Anti-theft processing method for mobile terminal, mobile terminal and readable storage medium
CN110598384B (en) * 2019-09-16 2022-02-22 Oppo(重庆)智能科技有限公司 Information protection method, information protection device and mobile terminal

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103581404A (en) * 2012-07-20 2014-02-12 上海斐讯数据通信技术有限公司 Mobile phone with theft prevention function and mobile phone theft prevention method
CN103577733A (en) * 2013-09-02 2014-02-12 小米科技有限责任公司 Safety protection method and device for terminal equipment and terminal equipment
CN106851623A (en) * 2017-02-14 2017-06-13 北京奇虎科技有限公司 A kind of locking means of mobile terminal, device and mobile terminal
CN107613493A (en) * 2017-08-02 2018-01-19 捷开通讯(深圳)有限公司 Intelligent terminal and its antitheft method, the device with store function
CN107734176A (en) * 2017-10-25 2018-02-23 深圳市金立通信设备有限公司 Loss guard method, terminal and the computer-readable recording medium of mobile terminal
CN112334896A (en) * 2018-12-29 2021-02-05 华为技术有限公司 Unlocking method and device of terminal device and storage medium
CN110851881A (en) * 2019-10-31 2020-02-28 成都欧珀通信科技有限公司 Security detection method and device for terminal equipment, electronic equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117177246A (en) * 2023-10-25 2023-12-05 荣耀终端有限公司 Method for locking electronic equipment, electronic equipment and server
CN117177246B (en) * 2023-10-25 2024-04-12 荣耀终端有限公司 Method for locking electronic equipment, electronic equipment and server

Also Published As

Publication number Publication date
WO2023131209A1 (en) 2023-07-13
EP4290844A1 (en) 2023-12-13
EP4290844A4 (en) 2024-01-17
US20240054208A1 (en) 2024-02-15
WO2023131209A9 (en) 2023-12-14

Similar Documents

Publication Publication Date Title
CN111444528B (en) Data security protection method, device and storage medium
US10810811B2 (en) Electronic device and method for managing electronic key thereof
WO2016015551A1 (en) Method and system for improving safety of mobile terminal
EP3792121B1 (en) Vehicle electronic device for performing authentication, mobile device used for vehicle authentication, vehicle authentication system, and vehicle authentication method
CN113259301B (en) Account data sharing method and electronic equipment
JP5494661B2 (en) Electronic device, security method thereof, security program thereof, and recording medium
CN106909820B (en) Mobile terminal and fingerprint data processing method and device thereof
WO2020047868A1 (en) Business processing method and device
CN113641967B (en) Method for unlocking terminal equipment by wearable equipment and communication system
EP2985717A1 (en) Data erasing device, data erasing method, program, and storage medium
WO2023131209A9 (en) Anti-theft method for terminal, and terminal device
CN110752929A (en) Application program processing method and related product
CN104537311A (en) Terminal system control method and device, and terminal
KR20140128212A (en) Power-off protection method and device and mobile terminal adopting the same
CN114756849B (en) Method and device for verifying personal identification number PIN code
CN114661501A (en) Method and device for repairing abnormal starting-up
CN115551076A (en) Mobile terminal positioning method and device, electronic equipment and storage medium
CN116485403A (en) Payment method and electronic equipment
CN110555924B (en) Method and device for unlocking processing
CN115146253A (en) Mobile App login method, mobile device and system
US11593524B2 (en) Mobile information terminal and control method thereof
CN113468917A (en) Fingerprint verification method and device
CN113810886A (en) Verification method and device
KR20210026233A (en) Electronic device for controlling access for device resource and operating method thereof
WO2022143136A1 (en) Password reset method and apparatus, and electronic device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination